
The IDPS must ensure IP hijacking signatures have been implemented.


Overview

Finding ID: SRG-NET-000244-IDPS-000229
Version: SRG-NET-000244-IDPS-000229
Rule ID: SRG-NET-000244-IDPS-000229_rule
IA Controls:
Severity: Medium
Description
A number of publicly available tools facilitate the hijacking of TCP sessions. An attacker using such tools can determine the TCP sequence and acknowledgement numbers that two hosts are using in a communication session. With this information, the attacker could take over the legitimate network connection of an authorized user and inject commands into the session. This is particularly serious because most forms of one-time passwords do not prevent this access.
STIG Date
IDPS Security Requirements Guide (SRG) 2012-03-08

Details

Check Text (C-43393_chk)
Identify the signatures which monitor for IP hijacking of TCP sessions.

If a signature that monitors for IP hijacking is not installed, this is a finding.
Fix Text (F-43393_fix)
Download and install the latest signatures designed to monitor for IP hijacking of TCP sessions.
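
An illustration of one condition a session-hijacking signature can key on, added here as an example (it is not part of the SRG or of any vendor's signature set): TCP segments that re-send already-seen sequence numbers with different bytes, an indicator of data injected into an established session as the Description outlines. The segment tuples, sample values and function name are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample capture: (src, sport, dst, dport, seq, payload, ttl)
SAMPLE = [
    ("10.0.0.5", 40000, "10.0.0.9", 23, 1000, b"date\n", 64),
    ("10.0.0.5", 40000, "10.0.0.9", 23, 1005, b"uptime\n", 64),
    ("10.0.0.5", 40000, "10.0.0.9", 23, 1005, b"status\n", 57),  # same range, new bytes
    ("10.0.0.5", 40000, "10.0.0.9", 23, 1012, b"exit\n", 64),
    ("10.0.0.5", 40000, "10.0.0.9", 23, 1000, b"date\n", 64),    # benign retransmission
]


def find_conflicting_segments(segments):
    """Flag segments whose bytes disagree with data already seen at the
    same sequence offsets in the same flow direction."""
    seen = defaultdict(dict)  # flow -> {sequence offset: (byte, ttl, segment index)}
    alerts = []
    for idx, (src, sport, dst, dport, seq, payload, ttl) in enumerate(segments):
        flow = (src, sport, dst, dport)
        conflict = None
        for i, byte in enumerate(payload):
            offset = (seq + i) % 2**32  # sequence numbers wrap at 32 bits
            prior = seen[flow].get(offset)
            if prior is None:
                seen[flow][offset] = (byte, ttl, idx)
            elif prior[0] != byte and conflict is None:
                conflict = (offset, prior)  # first disagreeing byte
        if conflict:
            offset, (_, first_ttl, first_idx) = conflict
            alerts.append({
                "flow": flow,
                "segment": idx,
                "conflicts_with": first_idx,
                "seq": offset,
                # A TTL shift suggests a different network path or sender;
                # treated here as supporting context only.
                "ttl_changed": ttl != first_ttl,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_conflicting_segments(SAMPLE):
        print(alert)
```

An identical retransmission produces no alert; only overlapping data with differing content does.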